Hello again,
I left the upload rule set to ‘Disable’ (by default).
BUT, this problem occurs even when using admin level account.
I hope this can help.
Kind regards
Hi again,
De-activating NinjaFirewall soloves the problem.
But this is not an acceptable solution (as you may guess!).
🙂
Hi,
Do you see any error/warning in the firewall “Overview” page?
Is it written that you are whitelisted?
Hi!
No warning.
Whitelisted: yes.
That’s odd, because you are whitelisted. You shouldn’t be blocked.
If you click on “Live Log”, does it work as expected, i.e., no warning, no error?
Did you make change to your blog since last week (added new plugins etc)?
In the last few days (about 1 week before the issue occured), I installed Imagify. Everything was working perfectly, as expected.
I thought it was an issue with this plugin at first, so I disabled it, and even uninstalled it. I do not remember correctly, but their could have been upadtes of Imagify since I installed it.
I tested Imagify installed and activated with NFW disabled and media uplaod is working correctly.
I’ve just enabled NFW again to get Live Log and tried to upload a file. Here are the logs of the event (unsuccessful…):
- [12/Feb/16:13:45:33 +0100] – 2.3.xxx.yyy “POST /wp-admin/admin-ajax.php” “http://my-site.ext/wp-admin/” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.103 Safari/537.36” “2.3.xxx.yyy” “my-site.ext”
- [12/Feb/16:13:45:35 +0100] – 2.3.xxx.yyy “GET /wp-admin/admin-ajax.php?action=imagify_get_admin_bar_profile&imagifygetadminbarprofilenonce=cde0479718” “http://my-site.ext/wp-admin/” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.103 Safari/537.36” “2.3.xxx.yyy” “my-site.ext”
- [12/Feb/16:13:45:36 +0100] – 2.3.xxx.yyy “GET /wp-admin/admin-ajax.php?action=imagify_get_admin_bar_profile&imagifygetadminbarprofilenonce=cde0479718” “http://my-site.ext/wp-admin/” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.103 Safari/537.36” “2.3.xxx.yyy” “my-site.ext”
- [12/Feb/16:13:45:38 +0100] – 2.3.xxx.yyy “POST /wp-admin/admin-ajax.php” “http://auto.jbhuet.fr/wp-admin/” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.103 Safari/537.36” “2.3.xxx.yyy” “my-site.ext”
- [12/Feb/16:13:45:41 +0100] – 2.3.xxx.yyy “GET /wp-admin/upload.php” “http://my-site.ext/wp-admin/” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.103 Safari/537.36” “2.3.xxx.yyy” “my-site.ext”
- [12/Feb/16:13:45:45 +0100] – 2.3.xxx.yyy “GET /wp-admin/media-new.php” “http://my-site.ext/wp-admin/upload.php” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.103 Safari/537.36” “2.3.xxx.yyy” “my-site.ext”
- [12/Feb/16:13:45:52 +0100] – 2.3.xxx.yyy “POST /wp-admin/admin-ajax.php” “http://my-site.ext/wp-admin/media-new.php” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.103 Safari/537.36” “2.3.xxx.yyy” “my-site.ext”
- [12/Feb/16:13:45:57 +0100] – 2.3.xxx.yyy “POST /wp-admin/admin-ajax.php” “http://my-site.ext/wp-admin/media-new.php” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.103 Safari/537.36” “2.3.xxx.yyy” “my-site.ext”
- [12/Feb/16:13:46:07 +0100] – 2.3.xxx.yyy “POST /wp-admin/admin-ajax.php” “http://my-site.ext/wp-admin/media-new.php” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.103 Safari/537.36” “2.3.xxx.yyy” “my-site.ext”
- [12/Feb/16:13:46:12 +0100] – 2.3.xxx.yyy “POST /wp-admin/admin-ajax.php” “http://my-site.ext/wp-admin/media-new.php” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.103 Safari/537.36” “2.3.xxx.yyy” “my-site.ext”
- [12/Feb/16:13:46:14 +0100] – 2.3.xxx.yyy “POST /wp-admin/async-upload.php” “http://my-site.ext/wp-admin/media-new.php” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.103 Safari/537.36” “2.3.xxx.yyy” “my-site.ext”
- [12/Feb/16:13:46:17 +0100] – 2.3.xxx.yyy “POST /wp-admin/admin-ajax.php” “http://my-site.ext/wp-admin/media-new.php” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.103 Safari/537.36” “2.3.xxx.yyy” “my-site.ext”
The problem is that you should not be logged by Live Log, because it does not show the whitelisted administrator connections, as indicated in the Live Log page: Live Log will not include yourself or any other whitelisted users.
Can you check this discussion and follow the same instructions: https://wordpress.org/support/topic/ninja-firewall-blocking-admin-user-uploads
OK,
This is a multi-site installation.
1st test: logged as super-admin on a sub-site (this super-admin account is declared as admin on sub-site). NOK.
2nd test: loggued as local (sub-site only) admin. NOK.
